CVE-2020-36929
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-02-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| brother | brprint_auditor | 3.0.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in Brother BRPrint Auditor version 3.0.7 on Windows. The software's Windows services (BrAuSvc and BRPA_Agent) have file paths containing spaces that are not enclosed in quotes. This misconfiguration allows a local attacker to place a malicious executable in a location that Windows might mistakenly execute instead of the intended service executable. Exploiting this can lead to arbitrary code execution with elevated privileges, as the affected services run under the LocalSystem account and start automatically. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to execute arbitrary code on the affected system with elevated privileges. This means the attacker can escalate their access rights, potentially gaining full control over the system, which can lead to unauthorized actions, data compromise, or disruption of services. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the Windows service configurations for unquoted service paths in the BrAuSvc and BRPA_Agent services. You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) commands to query the service configurations and identify unquoted paths. For example, use the command 'wmic service get name,pathname' or 'sc qc BrAuSvc' and 'sc qc BRPA_Agent' to view the executable paths and check if they are unquoted. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service paths by enclosing the executable paths in quotation marks in the service configurations to prevent malicious executable injection. Additionally, restrict local user permissions to prevent unauthorized users from placing executables in the vulnerable paths. Monitoring and applying any patches or updates from Brother for BRPrint Auditor is also recommended. [1, 2]